Brute force attacks are attacks by someone who has set up a program that automatically tries enormous numbers of username and password combinations in an attempt to gain unauthorized access to a website or server. This can create a twofold problem: making sites vulnerable to attack as well as driving up someone's bandwidth, system usage or both.

There are a variety of ways to protect a website from brute force attacks, and often, the most effective way is to make gaining access to a site as time-consuming as possible. Even though brute force applications can test enormous numbers of login credentials in a short amount of time, going through hundreds of thousands of combinations is time-consuming. When someone uses a default username, such as admin, and login page, this makes the job of a hacker that much easier since all they need to do is determine someone's password.

On the other hand, if someone has changed their login page and username, hackers will have to figure out a way to discover both. Changing someone's administrator login can usually be done by simply going into a Web hosting control panel, such as cPanel, but changing a default login page is trickier. Depending on how the website was developed, this may require working with system administrators to change the default page.

If changing the default login page is not possible, as sometimes is the case, individuals still have the option of forwarding the page to another site or password-protecting the login page with a .htaccess file, requiring someone to enter two sets of credentials to login. There is also the option to add a .htaccess file to restrict access to the administration panel of your website by your IP address. In the case of Joomla and Wordpress, you can add the following code to a .htaccess file in the administrative folders. If you are unsure what your IP address is, one tool that can be used is http://whatismyip.com.

<files "*.php"="">deny from allallow from 22.222.22.222allow from 33.333.33.333

Adding these restrictions may be slightly less convenient than leaving things as they are, but a website and its contents are far safer when these changes are made.

Adding a Cloud Server

Video Tutorial: How to add a Cloud Server.

HostingCon

Get In Touch

Innovation Place Research Park

201-116 Research Drive

Saskatoon, SK. S7N3R3

306.933.4800 / 933.4987

This email address is being protected from spambots. You need JavaScript enabled to view it.